yalu102

Change Dropbear port to 2222

Open dareal68 opened this issue 8 years ago • 8 comments

By using port 2222 we are able to connect to localhost with App Store SSH client app like Blink Shell or Prompt 2

dareal68, Feb 01 '17 15:02

This would introduce a security issue and should not be made the standard configuration. Apps could gain root privileges through your change if the user did not change the root password.

mologie, Feb 01 '17 16:02

> if the user did not change the root password

Apps could do this anyway if you never changed the root pass. You could do many things like that, so your argument is invalid.

nullpixel, Feb 01 '17 16:02

Who does not change a password that he did not choose himself? We are talking about a security issue on a platform compromised by the jailbreak itself. I take the risk, am I crazy? Let me know. Thanks.

dareal68, Feb 01 '17 17:02

> Apps could do this anyway if you never changed the root pass. You could do many things like that, so your argument is invalid

@nullpixel1, In that case, please explain to me how an app is going to become root if they cannot access the locally running SSH server thanks to the sandbox and cannot exploit the kernel thanks to yalu102's patching the bug it exploits.

> Who does not change a password that he did not choose himself. We talk about a security issue on a platform compromised by the jailbreak itself.

@dareal68, Most people who install this jailbreak do not even know what a root account is. Thus, neither will most people change their root password. The jailbreak does reduce security, but does not install open backdoors.

mologie, Feb 01 '17 17:02

@Mologie If I understand correctly, the best solution for me would be to unsandbox my SSH client app. In this way, only this application will have access to the SSH server on port 22.

Do you think it's a better solution than the change I made?

dareal68, Feb 01 '17 17:02

@dareal68, your change is fine and in fact the easiest solution for your phone. By all means, use it on yours - there's hardly a better solution around the sandbox restriction.

However, I do not think that your solution should be installed on all phones which install Yalu, because even though you did change your root/mobile passwords (you did, right?), most people will not. That is the only reason why I disagree with your request to have this pulled into the main code base. Technically, what you did is just fine. The issue here is your average users.

mologie, Feb 01 '17 17:02

If you want to change the port you can, but it's better off leaving it on p22.

x86shell, Feb 02 '17 14:02

I would include a (defaulted to off) switch in Yalu 102 that tells Yalu to set the configuration either to port 22 or yours. (I'd add an "options" menu somewhere)... And if somebody switches the button to on, the value of the button should be saved, let's say, in /.yalussh and should be read by Yalu after a reboot. If you decide to set the port to 2222, there should be a warning.

ann0see, Feb 02 '17 20:02
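
The opt-in switch proposed in the last comment could be read at boot as in the following added example, which is not code from yalu102 or from any commenter. The one-line file format, the function name `resolve_ssh_port`, the `YALU_SSH_FILE` variable and the permission check are assumptions made here; only the path `/.yalussh`, the two ports and the warning requirement come from the thread.

```shell
#!/bin/sh
# Added example: choose the Dropbear listen port from an opt-in settings file.
# Assumed file format (not defined in the thread): one line holding the port.

DEFAULT_PORT=22     # per the thread, sandboxed apps cannot reach this port
OPT_IN_PORT=2222    # the port requested in this issue

# resolve_ssh_port FILE
# Prints the port to use on stdout; warnings go to stderr.
resolve_ssh_port() {
    file=$1

    # The switch defaults to off: no regular file means the stock port.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "$DEFAULT_PORT"
        return 0
    fi

    # Ignore a settings file that group or other users may write to,
    # so the switch cannot be flipped by an unprivileged process.
    perms=$(ls -ld "$file" | cut -c1-10)
    case "$perms" in
        ?????w*|????????w*)
            echo "warning: $file is group/world writable, ignoring it" >&2
            echo "$DEFAULT_PORT"
            return 0 ;;
    esac

    # Read only the first line and accept exactly the two known values.
    value=
    IFS= read -r value < "$file" || true
    case "$value" in
        "$OPT_IN_PORT")
            echo "warning: port $OPT_IN_PORT is reachable by sandboxed apps;" \
                 "change the root and mobile passwords" >&2
            echo "$OPT_IN_PORT" ;;
        "$DEFAULT_PORT")
            echo "$DEFAULT_PORT" ;;
        *)
            echo "warning: unexpected value in $file, using $DEFAULT_PORT" >&2
            echo "$DEFAULT_PORT" ;;
    esac
}

# Stand-alone use: print the port for the path suggested in the thread.
resolve_ssh_port "${YALU_SSH_FILE:-/.yalussh}"
```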